Merge tag 'ipsec-next-2023-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git...

Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2023-07-19

Just a leftover from the last development cycle:

1) delete a clear to zero of encap_oa, it is not needed anymore.
   From Leon Romanovsky.

* tag 'ipsec-next-2023-07-19' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
  xfrm: delete not-needed clear to zero of encap_oa
====================

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>

diff --combined net/key/af_key.c
index ede3c6a603532551ee70cb870199737b0942ca25,1cb4560afd44fab2076f1a318a09ebb52f270a71..542439b6a59cf09fa2c81fe3037601eecda13852
--- 1/net/key/af_key.c
--- 2/net/key/af_key.c
+++ b/net/key/af_key.c
@@@ -1281,7 -1281,6 +1281,6 @@@ static struct xfrm_state * pfkey_msg2xf
                                ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
                        natt->encap_dport = n_port->sadb_x_nat_t_port_port;
                }
-               memset(&natt->encap_oa, 0, sizeof(natt->encap_oa));
        }
  
        err = xfrm_init_state(x);
@@@ -1940,8 -1939,7 +1939,8 @@@ static u32 gen_reqid(struct net *net
  }
  
  static int
 -parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
 +parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_policy *pol,
 +                 struct sadb_x_ipsecrequest *rq)
  {
        struct net *net = xp_net(xp);
        struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
@@@ -1959,12 -1957,9 +1958,12 @@@
        if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
                return -EINVAL;
        t->mode = mode;
 -      if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
 +      if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) {
 +              if ((mode == XFRM_MODE_TUNNEL || mode == XFRM_MODE_BEET) &&
 +                  pol->sadb_x_policy_dir == IPSEC_DIR_OUTBOUND)
 +                      return -EINVAL;
                t->optional = 1;
 -      else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
 +      } else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
                t->reqid = rq->sadb_x_ipsecrequest_reqid;
                if (t->reqid > IPSEC_MANUAL_REQID_MAX)
                        t->reqid = 0;
@@@ -2006,7 -2001,7 +2005,7 @@@ parse_ipsecrequests(struct xfrm_policy 
                    rq->sadb_x_ipsecrequest_len < sizeof(*rq))
                        return -EINVAL;
  
 -              if ((err = parse_ipsecrequest(xp, rq)) < 0)
 +              if ((err = parse_ipsecrequest(xp, pol, rq)) < 0)
                        return err;
                len -= rq->sadb_x_ipsecrequest_len;
                rq = (void*)((u8*)rq + rq->sadb_x_ipsecrequest_len);
@@@ -3761,6 -3756,7 +3760,6 @@@ static const struct proto_ops pfkey_op
        .listen         =       sock_no_listen,
        .shutdown       =       sock_no_shutdown,
        .mmap           =       sock_no_mmap,
 -      .sendpage       =       sock_no_sendpage,
  
        /* Now the operations that really occur. */
        .release        =       pfkey_release,